The CEO of Binance claims that a newly open-sourced solution for wallet providers and custodians is “far superior” to multi-sig security and will reshape the industry. In a tweet published on Nov. 6, Changpeng Zhao linked to a new open-source release from Binance, declaring:
“I believe TSS (threshold signatures scheme) will reshape the landscape for wallets and custodian services. It is far superior to multi-sig.”
Unlike multi-sig, TSS is implemented off-chain
Binance has today released an open-source implementation of its Threshold Signature Scheme (TSS) library for Elliptic Curve Digital Signature Algorithm (ECDSA): in layman’s terms, a new cryptographic protocol for distributed key generation and signing that will reportedly help wallet providers and custodians to avoid single points of failure in private keys within distributed key management.
As the exchange explains:
“TSS allows users to define a flexible threshold policy. TSS technology allows us to replace all signing commands with distributed computations so that the private key is no longer a single point of failure. For example, each of three users could receive a share of the private signing key, and in order to sign a transaction, at least two of the three users will need to join to construct the signature.”
TSS is implemented off-chain, unlike multi-signature protection, thereby using fewer resources and reducing potential attack surfaces.
Binance claims that threshold signatures will mean that a single compromised device won’t put a user’s assets at risk. For business operators, it can help to cement access control policies that purportedly prevent both insiders and outsiders from stealing corporate funds.
More information about TSS technology is available via the Binance Academy, with the open-source code accessible via GitHub.
Cybersecurity firm Kudelski appointed as 3rd-party auditor
Binance invited cybersecurity solutions provider Kudelski Security to conduct a third-party audit of the cryptography and code in the Binance TSS library, which reportedly found that “none of the issues found in the frame of this audit could be exploited” to “completely break the security of the scheme, or recover secret data.”
Kudelski entered a strategic partnership with smart contracts auditing firm Hosho earlier this year to combine their skill sets in order to meet the increasingly complex security demands of the blockchain sector.